AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `shadcn-vue mcp init` and selects a non-Codex client.
Impact
Persists an MCP server launch command in the selected project configuration; later client startup can invoke the package.
Mechanism
Explicit project-local MCP configuration and dependency setup.
Rationale
No concrete malware, credential theft, destructive action, stealth persistence, or install-time control-surface mutation was found. Per policy, the explicit MCP client configuration mutation warrants a warning rather than a block.
Evidence
package.jsondist/index.jsdist/mcp-C4LGMHOi.jsdist/registry-C1OCR6fn.js.mcp.json.cursor/mcp.json.vscode/mcp.jsonopencode.json
Network endpoints1
shadcn-vue.com/r
Decision evidence
public snapshotAI called this Suspicious at 89.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `dist/index.js` exposes explicit `mcp init` commands that write selected project AI-client MCP config files.
- The generated MCP entries invoke `npx shadcn-vue@latest mcp`, leaving a mutable package tag in the client configuration.
- `mcp init` also adds `shadcn-vue@latest` as a project dev dependency.
Evidence against
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- MCP configuration mutation requires an explicit `shadcn-vue mcp init --client ...` command.
- For Codex, `dist/index.js` prints instructions for `~/.codex/config.toml` rather than writing it.
- Registry networking is CLI functionality; the default registry is `https://shadcn-vue.com/r` and registry headers come from user configuration.
- No `eval`, `Function`, VM, native binary loading, credential harvesting, or automatic exfiltration was found.
- `dist/index.js` validates registry file targets before component installation.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
•Published source reference
Medium
Ai Review Evidence
`dist/index.js` exposes explicit `mcp init` commands that write selected project AI-client MCP config files.
dist/index.jsView on unpkgFindings
5 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/index.js
MediumAi Review Evidence
MediumSuspicious Dependency Evidence
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings